SYNOPSIS
obfsproxy [--log-file log_file] [--log-min-severity severity] [--no-log] [--no-safe-logging] managed obfsproxy [--log-file log_file] [--log-min-severity severity] [--no-log] [--no-safe-logging] transport [-h] [--dest dest] [--ext-cookie-file ext_cookie_file] ... mode listen_addr obfsproxy --help
DESCRIPTION
obfsproxy is a tool that attempts to circumvent censorship, by transforming the Tor traffic between the client and the bridge. This way, censors, who usually monitor traffic between the client and the bridge, will see innocent-looking transformed traffic instead of the actual Tor traffic.
OPTIONS
--log-file log_file
- Set logfile location.
--log-min-severity severity
- Set minimum logging severity (default: no logging). severity must be one of error, warning, info, debug.
--no-log
- Disable logging.
--no-safe-logging
- Disable safe (scrubbed address) logging.
-h, --help
- Show help message and exit.
MANAGED TRANSPORT
Using managed as TRANSPORT allows Tor to start and control obfsproxy by itself. Add a line like the following to torrc to use it when acting as a bridge:
-
ServerTransportPlugin obfs3,scramblesuit exec /usr/bin/obfsproxy managed
When connecting to an obfuscated bridge, adapt the following:
-
ClientTransportPlugin obfs3,scramblesuit exec /usr/bin/obfsproxy managed
DUMMY TRANSPORT
Use a protocol that simply proxies data without obfuscating them. For tests only.
No extra options.
B64 TRANSPORT
Use a protocol that encodes data with base64 before pushing them to the network.
No extra options.
OBFS2 TRANSPORT
Use the obfs2 protocol. obfs2 is known to be fingerprintable and is deprecated. See https://gitweb.torproject.org/obfsproxy.git/blob/HEAD:/doc/obfs2/protocol-spec.txt for the specification.
No extra options.
OBFS3 TRANSPORT
Use the obfs3 protocol. See https://gitweb.torproject.org/pluggable-transports/obfsproxy.git/blob/HEAD:/doc/obfs3/obfs3-protocol-spec.txt for the specification.
No extra options.
SCRAMBLESUIT TRANSPORT
Use the scramblesuit protocol. See https://gitweb.torproject.org/pluggable-transports/obfsproxy.git/blob/HEAD:/doc/scramblesuit/scramblesuit-spec.txt for the specification.
--password password
- Shared secret for UniformDH. In server mode, a secret will be automatically generated if unspecified.
In order to configure a password with Tor on the server side, the following can be added to torrc:
-
ServerTransportOptions scramblesuit password=WFVTIHBLAHNBXWSUD6WYTEST42LPIPRT
Tor clients (using a version later than 0.2.5.1-alpha) can then use:
-
Bridge scramblesuit 192.0.2.42:2032 password=WFVTIHBLAHNBXWSUD6WYTEST42LPIPRT
COMMON TRANSPORT OPTIONS
Here's the common synopsis:
Options common for all transports:
transport
- One of managed, dummy, b64, obfs2, obfs3 or scramblesuit. See above for details.
-h
- Show help message and exit.
--dest dest
- Set destination address. Mandatory in all modes except socks.
--ext-cookie-file ext_cookie_file
- Configure the filesystem path where the Extended ORPort authentication cookie is stored.
mode
- Mode must be one of server (old-style ServerTransportPlugin), ext_server (support for Extended ORPort), client (bridge client) or socks (client using SOCKS to connect to bridges).
listen_addr
- Address on which the proxy will listen.
BUGS
Plenty, probably. obfsproxy is still in development. Please report them.
AUTHORS
George Kadianakis <[email protected]>
Philipp Winter <[email protected]>
Brandon Wiley <[email protected]>